Add an enumeration of client certificate modes to quic_types.h.

ClientCertMode is used to configure server endpoints. It tells the endpoint whether it should request a client certificate, and whether it should allow "unauthenticated" connections (when the client does not have a certificate).

TLS 1.3 supports three modes for the server:
- No client certificate requested
- Request a client certificate but allow unauthenticated connections
- Request a client certificate and reject unauthenticated connections

See go/quic-tls-client-certificates for details.

gfe-relnote: no change in behavior (new enum definition only).
PiperOrigin-RevId: 291452671
Change-Id: Iaab64381451af7ea0cd2a324d3262ae1e46d0bcd
diff --git a/quic/core/quic_types.h b/quic/core/quic_types.h index fd49da2..f149ed3 100644 --- a/quic/core/quic_types.h +++ b/quic/core/quic_types.h
@@ -434,6 +434,15 @@ QUIC_EXPORT_PRIVATE std::string EncryptionLevelToString(EncryptionLevel level); +// Enumeration of whether a server endpoint will request a client certificate, +// and whether that endpoint requires a valid client certificate to establish a +// connection. +enum class ClientCertMode { + kNone, // Do not request a client certificate. Default server behavior. + kRequest, // Request a certificate, but allow unauthenticated connections. + kRequire, // Require clients to provide a valid certificate. +}; + enum AddressChangeType : uint8_t { // IP address and port remain unchanged. NO_CHANGE,
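Review bot: the comment on kRequest leaves one case undefined: a client that does present a certificate, but one that fails validation. The commit message defines "unauthenticated" only as the client not having a certificate, and kRequire speaks of a "valid certificate", so a reader cannot tell from the enum whether kRequest fails the handshake on an invalid certificate or treats the connection as unauthenticated. Since callers will base authorization decisions on this, please spell it out in the kRequest comment. A smaller style point on the same hunk: the adjacent AddressChangeType fixes its underlying type with ": uint8_t" while ClientCertMode leaves it implicit; consider matching it if that is the convention in this header.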